
Hi

Sudo has me boggled ..... I'm trying to configure a group %linuxadmins .. My account is a member of linuxadmins , when I sudo iptables -h I get "sudo: iptables: command not found". If I sudo /sbin/iptables -h it works fine.

My config is as follows (standard config)

    Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool
    Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum
    Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig
    Cmnd_Alias LOCATE = /usr/bin/updatedb
    Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount
    Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp
    Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall
    Cmnd_Alias DRIVERS = /sbin/modprobe

    Defaults requiretty
    Defaults env_reset
    Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR \
                         LS_COLORS MAIL PS1 PS2 QTDIR USERNAME \
                         LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION \
                         LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC \
                         LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS \
                         _XKB_CHARSET XAUTHORITY"

    %linuxadmins ALL=(ALL) ALL

I have also tried

    %linuxadmins ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS

with the same results.

Thanks
Greg

--
- TLA - three letter acronym ...
- We are losing the art of communication through progress..
Proverbs 27:17 (New International Version)
17 As iron sharpens iron, so one man sharpens another.

Gregory Machin wrote:
> Hi Sudo has me boggled ..... I'm trying to configure a group %linuxadmins .. My account is a member of linuxadmins , when I sudo iptables -h I get "sudo: iptables: command not found". If I sudo /sbin/iptables -h it works fine.

If you sudo bash and then echo $PATH, what do you see?

I'm guessing /sbin won't be in it -- sudo uses the target account's $PATH, not your account's.

butting

On Sat, Oct 16, 2010 at 12:54 PM, Bryce Utting <butting(a)ihug.co.nz> wrote:
> Gregory Machin wrote:
>> Hi Sudo has me boggled ..... I'm trying to configure a group %linuxadmins .. My account is a member of linuxadmins , when I sudo iptables -h I get "sudo: iptables: command not found". If I sudo /sbin/iptables -h it works fine.
> If you sudo bash and then echo $PATH, what do you see?
> I'm guessing /sbin won't be in it -- sudo uses the target account's $PATH, not your account's.
> butting

    [macgre(a)ns2 ~]$ sudo echo $PATH
    /usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/home/macgre/bin

no it's missing .. how do I get sudo to add this ?

--
- TLA - three letter acronym ...
- We are losing the art of communication through progress..
Proverbs 27:17 (New International Version)
17 As iron sharpens iron, so one man sharpens another.

Gregory Machin wrote:
>>> I'm trying to configure a group %linuxadmins .. My account is a member of linuxadmins , when I sudo iptables -h I get "sudo: iptables: command not found". If I sudo /sbin/iptables -h it works fine.
>> If you sudo bash and then echo $PATH, what do you see?
>> I'm guessing /sbin won't be in it -- sudo uses the target account's $PATH, not your account's.
> [macgre(a)ns2 ~]$ sudo echo $PATH
> /usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/home/macgre/bin
> no it's missing .. how do I get sudo to add this ?

According to man sudo:

    Environment variables to be set for the command may also be passed on the command line in the form of VAR=value, e.g. LD_LIBRARY_PATH=/usr/local/pkg/lib. Variables passed on the command line are subject to the same restrictions as normal environment variables with one important exception. If the setenv option is set in sudoers, the command to be run has the SETENV tag set or the command matched is ALL, the user may set variables that would otherwise be forbidden. See sudoers(5) for more information.

so you could (presumably) sudo PATH=/bin:/sbin iptables -h, or clog up your sudoers some more, but I can't say that those'd really be any improvement over just using sudo /sbin/iptables. is there any particular reason against the latter?

(PATH=$PATH may be worth looking into; you'll probably find that the shell substitutes your path, which I think is what you're after. specifying an overly-limited path may well confuse iptables; it'll *definitely* confuse other programs.)

Me, I'd go for sudo /sbin/iptables. it's clear, it's repeatable, it won't cause any surprises later if anyone mucks with account paths.

butting
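
The two effects discussed in this thread, reproduced without sudo as an added example (not part of the original messages): a command lookup fails when the sbin directory is missing from the search path, and `$PATH` written on a command line such as `sudo echo $PATH` is expanded by the calling shell before the wrapped command starts. The sandbox directories, the stub `iptables`, the function names, and the use of `env -i PATH=...` as a stand-in for a command started with a reduced PATH are assumptions.

```shell
#!/bin/sh
# Added example. Sandbox paths and the stub "iptables" are constructed;
# "env -i PATH=..." stands in for a command started with a reduced PATH.

make_sandbox() {                 # prints the sandbox directory
    sandbox=$(mktemp -d) || return 1
    mkdir -p "$sandbox/bin" "$sandbox/sbin"
    printf '#!/bin/sh\necho "stub iptables"\n' > "$sandbox/sbin/iptables"
    chmod +x "$sandbox/sbin/iptables"
    printf '%s\n' "$sandbox"
}

# lookup CMD PATHLIST: print the first executable CMD found while walking
# PATHLIST left to right; return 1 when no directory holds it.
lookup() {
    cmd=$1; old_ifs=$IFS; IFS=:
    for dir in $2; do
        [ -n "$dir" ] || dir=.
        if [ -f "$dir/$cmd" ] && [ -x "$dir/$cmd" ]; then
            IFS=$old_ifs; printf '%s\n' "$dir/$cmd"; return 0
        fi
    done
    IFS=$old_ifs; return 1
}

# What a child started with PATHLIST sees: $PATH is expanded by the child.
path_seen_by_child() {
    env -i PATH="$1" /bin/sh -c 'printf "%s\n" "$PATH"'
}

# What "<wrapper> echo $PATH" prints: the calling shell expands $PATH
# first, so the child only receives the caller's value as an argument.
path_expanded_by_caller() {
    env -i PATH="$1" /bin/sh -c 'printf "%s\n" "$1"' sh "$PATH"
}

sb=$(make_sandbox) || exit 1
reduced="$sb/bin"                       # no sbin, like the failing case
lookup iptables "$reduced"              || echo "iptables: command not found"
lookup iptables "$reduced:$sb/sbin"     # found once sbin is on the list
echo "child sees:    $(path_seen_by_child "$reduced")"
echo "caller passed: $(path_expanded_by_caller "$reduced")"
rm -rf "$sb"
```

To see the PATH a sudo-run command actually receives, the variable has to be expanded inside the command, for example with `sudo sh -c 'echo $PATH'`.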

participants (2): Bryce Utting, Gregory Machin